1.) anywhere it is NOT connected to a network or the internet. (sorry, but it's the truth.) Anywhere else, you take your chances. The laptop is only as secure as you make it. Just keep updated Antivirus and Antispyware on it, and be wary of anything that looks unusual, such as certificate warnings to sites you frequent regularly, and normally don't see errors on.

2.) home or not doesn't matter. If the circumstances are right, you'll get hacked ANYWHERE.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

Hayabusa's right on the money. There really is no "secure" place to use your laptop other than anyplace you turn off wifi and unplug your network cable. I would have to say that it's more common to have your wireless devices "hacked" or the traffic sniffed outside of the home. That's just what I've personally noticed though.

hayabusa wrote:1.) anywhere it is NOT connected to a network or the internet. (sorry, but it's the truth.) Anywhere else, you take your chances. The laptop is only as secure as you make it. Just keep updated Antivirus and Antispyware on it, and be wary of anything that looks unusual, such as certificate warnings to sites you frequent regularly, and normally don't see errors on.

2.) home or not doesn't matter. If the circumstances are right, you'll get hacked ANYWHERE.

Thank you to Hayabusa and Poet for you guys' feedback.

Well, here's the other thing..

I've been considering getting a laptop and having an "Antivirus" and an "Antispyware" installed, along with having a Web Application Security Tester to protect my business.

After I've done that though, does that necessarily mean that my new laptop's going to be all patched-up from vulnerabilities?

what is your laptop os?if you have windows on your laptop you msut have an updated antivirus (Total security version of antiviruses are batter) and you must update your windows to patch all known security bugs

and about where is safe for laptop? whenever you connect to any network with your laptop ( no matter there ishas internet or not) it maybe dangerous

There is always risk involved when connecting your computer to any network. I keep shields up at all times (firewall active and AV actively running). When I am traveling I tend to VPN into my home network before I do anything. I have more control of that network than hotels, Panera's or Starbucks. You Web application tester will probably have some skills with helping you secure your personal laptop but honestly, keeping AV updated, local firewall running and updating ALL software regularly will keep you about as secure as you can get.

If you are worried about data, you can always utilize software like Truecrypt and create encrypted containers on your local/network storage drives. Windows 7 also utilizes Bitlocker in the Business/Ultimate editions.

Also if you are using something other than Windows (Mac or Linux) do not assume you are immune to attacks. Mac OS exploits and viruses have been coming out much more frequently than in the past and Linux is also vulnerable to attacks. Granted they are much less than Windows and even Mac but they are still out there. Besides what you have that a blackhat might want is not necessarily on your local systems. They may want access to your email, your web hosting information and credentials, bank information and all that is out on the web.

Education is your best friend and common sense goes a long way. Don't hinder your business by being too paranoid, but use the paranoia to better secure your business.

Also as far as securing your home office, I would recommend investing in a SOHO style firewall (Small Office Home Office) such as a Sonicwall or Watchguard device. They are fairly easy to manage once they are setup and they have a low reoccuring cost for service and support. The bonus to these devices is that they will include other services besides simple port forwarding. The Sonicwalls (I am most familiar with) provide IDS/IPS as well as gateway antivirus. So that ends up filtering much of the garbage before it hits your internal network. Something to think about.

Also as you are building this business, don't get frustrated if some new security software/hardware makes something not work. Rather than turning off the security feature, make sure it is properly configured with the correct exceptions to keep your apps running properly.

107- You might want to consider using a Live CD or bootable USB stick when you are out and about (I would suggest the latest Ubuntu if you have little experience or a secure distro if you do). It's somewhat safer than using Windows directly from your hard drive.

If you must use Windows, then (with all the above advice from other forum members) use Sandboxie to make it much harder for a script kiidie to do permanent damage in addition to encrypting all your sensitive data (most people like TrueCrypt).

Last edited by WCNA on Tue Nov 01, 2011 7:58 am, edited 1 time in total.

White ghost wrote:what is your laptop os?if you have windows on your laptop you msut have an updated antivirus (Total security version of antiviruses are batter) and you must update your windows to patch all known security bugs

and about where is safe for laptop? whenever you connect to any network with your laptop ( no matter there ishas internet or not) it maybe dangerous

I truly appreciate your input.

When you say, "you must update your windows to patch all known security bugs," are you referring to upgrading to a more recent and better brand of Windows or are you saying to simply upgrade the version of Windows that I have right now?

We're here to help one another learn. Sometimes, folks take posts the wrong way (aka - another of my responses, today, drew fire.) They're rarely intended negatively, but they're generally brutally honest, so sometimes I (and others) have to double-check wording, to make sure the point is made without offending or scaring someone.

Anyway, if you have further questions, that's what we're all here for. Learning and info-share.

Have a great day!

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

3xban wrote:There is always risk involved when connecting your computer to any network. I keep shields up at all times (firewall active and AV actively running). When I am traveling I tend to VPN into my home network before I do anything. I have more control of that network than hotels, Panera's or Starbucks. You Web application tester will probably have some skills with helping you secure your personal laptop but honestly, keeping AV updated, local firewall running and updating ALL software regularly will keep you about as secure as you can get.

If you are worried about data, you can always utilize software like Truecrypt and create encrypted containers on your local/network storage drives. Windows 7 also utilizes Bitlocker in the Business/Ultimate editions.

Also if you are using something other than Windows (Mac or Linux) do not assume you are immune to attacks. Mac OS exploits and viruses have been coming out much more frequently than in the past and Linux is also vulnerable to attacks. Granted they are much less than Windows and even Mac but they are still out there. Besides what you have that a blackhat might want is not necessarily on your local systems. They may want access to your email, your web hosting information and credentials, bank information and all that is out on the web.

Education is your best friend and common sense goes a long way. Don't hinder your business by being too paranoid, but use the paranoia to better secure your business.

Also as far as securing your home office, I would recommend investing in a SOHO style firewall (Small Office Home Office) such as a Sonicwall or Watchguard device. They are fairly easy to manage once they are setup and they have a low reoccuring cost for service and support. The bonus to these devices is that they will include other services besides simple port forwarding. The Sonicwalls (I am most familiar with) provide IDS/IPS as well as gateway antivirus. So that ends up filtering much of the garbage before it hits your internal network. Something to think about.

Also as you are building this business, don't get frustrated if some new security software/hardware makes something not work. Rather than turning off the security feature, make sure it is properly configured with the correct exceptions to keep your apps running properly.

Good luck!

Thank you very much for all of the helpful information you've provided me.

You said, "When I am traveling I tend to VPN into my home network before I do anything.", I'm a little confused. I thought a VPN could only be accessed in other public locations other than your own home.. (such as a business complex or maybe even a library). I'm probably just missing something though, so would you mind explaining how to VPN your own "home network" without being in a business complex and the like?

Other than that, I'm definitely going to take everything you've said into consideration.

If I go to Starbucks or the airport, or really anywhere that has an open network, I'll forward all of my traffic through an SSH tunnel to my home network. That way it just looks like encrypted traffic on the public network, but I still have to rely on the security of my home network to make sure my data is safe.

WCNA wrote:107- You might want to consider using a Live CD or bootable USB stick when you are out and about (I would suggest the latest Ubuntu if you have little experience or a secure distro if you do). It's somewhat safer than using Windows directly from your hard drive.

If you must use Windows, then (with all the above advice from other forum members) use Sandboxie to make it much harder for a script kiidie to do permanent damage in addition to encrypting all your sensitive data (most people like TrueCrypt).

Thank you very much for the program's you've suggested.

I've done my research on all of them and I'm more than likely going to implement them into my work.